[ale] Authentication solution for Linux/Windoze environment

Lane Oden loden at ncpsolutions.com
Wed Jan 3 12:07:18 EST 2007


Can anyone suggest an authentication solution that can handle both
networks with minimum maintenance overhead? I prefer a Linux/open source
solution but would also entertain an appliance solution. There is also a
need to include a remote mirrored system for a branch office. A Windows
based Domain controller has been recommended but it does not seem to
support RHEL 4 well (or my Windows Admin does not know how to implement
it).

A Windows DC will do the trick here provided you're running up-to-date
versions of Samba (3.x works great... 2.2.x works ok... 2.0.x is a
little sketchy...). There are a number of ways to accomplish this
depending on how seamless you want this to be.

Currently, I'm running on an AD2K3 network with some Linux servers
configured to run as part of a single sign on solution. We actually use
our Windows domain UIDs and passwords to sign on to the Linux servers.
Authentication privileges are also granted via AD groups depending on
the service being used. The mechanism I'm using to accomplish this is
winbind, part of the samba suite. Also, using Samba shares doesn't
require separate authentication outside of a normal Windows login.
However, LDAP and Kerberos are both supported on Linux and can be
configured to speak more natively with AD if necessary. 

You may also want to look at Fedora/Red Hat Directory Server (depending
on the level of support you need). That will give you a Linux-based
option for your Linux hosts and continue to allow you to use the Windows
DC for your Windows hosts. FDS works well in conjunction with AD.

Lane
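
A sketch of the winbind setup described in the reply above, added here as an example and not taken from the original post or from the poster's own servers. The domain EXAMPLE / EXAMPLE.COM, the group name projects-rw, the ID ranges and the share path are placeholders to replace with your own values.

```ini
# /etc/samba/smb.conf (sketch for Samba 3.0.x as a member of an AD 2003 domain)
# EXAMPLE / EXAMPLE.COM, the group name and the share path are placeholders.

[global]
    # Run as a member server of the AD domain; the realm is the Kerberos
    # realm in upper case.
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads

    # Range of local UIDs/GIDs winbind may allocate for domain users and
    # groups. Keep it clear of IDs used in /etc/passwd and /etc/group.
    idmap uid = 10000-20000
    idmap gid = 10000-20000

    # Do not enumerate the whole directory for getent-style listings;
    # lookups of individual users and groups still work.
    winbind enum users = no
    winbind enum groups = no

    # Shell and home directory assigned to domain accounts on this host.
    template shell = /bin/bash
    template homedir = /home/%D/%U

[projects]
    path = /srv/samba/projects
    read only = no
    # Authorization by AD group: only members of this domain group may
    # connect, using the credentials from their Windows logon.
    valid users = @"EXAMPLE\projects-rw"
```

Run `testparm` to check the file, join the domain with `net ads join`, and add `winbind` to the `passwd` and `group` lines of /etc/nsswitch.conf so the operating system can resolve domain accounts. Restricting each share or service to a named AD group, rather than to every domain user, keeps a compromised or unrelated domain account from reaching the Linux host by default.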


